I am trying to reset the JSESSIONID java session id cookie's attribute "httponly" to "true", some how, it does not allow me to do it. Here is the code
after I set httponly to "true" on, the client side still show false. but if I set <web-app id="" root-directory="/var/resin/foo">
<cookie-http-only>true</cookie-http-only>
<web-app id="">
in resin.xml it will work, but it set all cookie httponly to true. that is not what I want. Any one know about this.